To create competitive advantage, more organizations are fostering cultures rooted in speed. As companies on this fast track double down on time to innovation, time to market, time to revenue, time to customer value, they are inherently introducing more risk from the inside. I think we can all agree that the more cloud-based, collaborative and fast an organization becomes, the greater the Insider Risks posed to its people, technology and data. CISOs and their teams need to pay more attention to the behavioral dynamics of the culture—how these dynamics are being impacted by the pandemic and the growing risks they are creating within organizations.
As the first blog in a two-part series, here are four reasons why Insider Risk Management should be at the top of your priority list for 2021.
Blurred boundaries and burnout are putting data at risk.
Half of CISOs identified employee actions as the leading cause of data breaches. (Code42 Data Exposure Report 2019)
Having the pulse of the employee base informs Insider Risk exposure. Compared to pre-pandemic times:
- Employees are working longer hours. On average, three more hours per day, 15 hours per week.
- Employees are working vastly different hours. Some work early mornings before the kids wake up; some later at night when the kids go to bed.
- Employees are working more on weekends, playing catch up after a work week consumed with Zoom meetings.
The blurring of boundaries between work and home, always-on accessibility and general lack of down time is creating fatigue, mental health issues and burnout. These types of macro changes in workplace behavior are contributing factors to employee departures, sloppy work, poor decisions and, therefore, a growing risk to data security.
Sidestepping sanctioned tools is undermining data protection.
37% of employees use unauthorized apps daily to get their jobs done. (Code42 Data Exposure Report 2020)
Working from home and off the corporate network, more employees are routinely using unauthorized cloud-based platforms to share files and ideas with colleagues. They sidestep sanctioned tools because they believe they are too complicated, restrictive and slow—or don’t have enough features to accomplish regular tasks. According to a Stanford University study, 42% of the U.S. workforce is now working from home 100% of the time—so there’s even more Insider Risk that comes with “using the tools and technology they want to get their jobs done.”
We know that employees are working longer, more varied hours—mornings, late nights and weekends—to get work done. These behaviors raise the question: What technologies are they using? What we found is that it depends. The technology used to share files and collaborate with co-workers differs by generation.
- The top three tools Gen X employees use: 1. Microsoft OneDrive, 2. Google Drive, 3. Personal email.
- The top three tools Gen Y employees use: 1. Personal email, 2. Google Drive, 3. Microsoft OneDrive.
- The top three tools Gen Z employees use: 1. WhatsApp, 2. Google Drive, 3. Social media.
CISOs must appreciate that the work behaviors of Gen Y and Gen Z employees differ from those of Gen X or Boomers. Fifteen years ago, it was much easier to identify critical data assets, classify them and create policies to prevent data from leaving the organization—everything was on-premises. We all know that technology designed for on-premises use and retrofitted for the cloud does not work. Today, Gen Y and Gen Z employees are moving critical data assets via unsanctioned tools like personal email, social media, WhatsApp and iCloud (ranked in the top six across all three generations). Herein lies yet another Insider Risk CISOs must explore and assess to better manage and mitigate.
Collaboration tech has become a data exfiltration vector of choice.
89% of CISOs believe the fast-paced culture model of their organizations puts them at greater risk of data breach. (Code42 Data Exposure Report 2019)
Powered by the latest technologies, employees are downloading, uploading, emailing, AirDropping, messaging, posting, syncing, sharing, dragging and dropping corporate data 24/7—largely from their company-issued laptop or, worse, a personal device. The upside is that these tools make them more productive. The downside is that these same tools make it easier to exfiltrate or even infiltrate data.
The most common techniques used to move sensitive data outside company networks are surprisingly simple. To make their jobs easier while working “off network,” an employee can upload an attachment to her personal Gmail account and send documents to herself, while a colleague uploads files to his personal Dropbox account. The point is cloud-based tech has made it easier than ever before for employees to put your intellectual property, product development, brand and reputation at risk of insider threats.
Old data protection tech can’t keep up with new work routines.
69% of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time of the breach. (Code42 Data Exposure Report 2019)
Insider Risk is more dynamic and pervasive, and it is largely hidden in the mountains of alerts that data protection technologies such as data loss prevention (DLP) solutions are triggering. This is by design because in a cloud, collaborative and remote work culture, old-school, on-premises DLP policies are being broken left and right. The sheer noise that comes with how employees work and what they use to get work done is inevitable. The challenge for security teams is identifying, evaluating and prioritizing the Insider Risk that matters most to the organization.
In my next blog, I’ll share some thoughts on how to tackle these Insider Risk challenges by moving upstream and applying an integrated risk management (IRM) approach to data protection—an approach that enables you to keep pace with collaboration without jeopardizing the safety of data.